# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   2.4.50-r0:
#     - CVE-2020-12243
#   2.4.48-r0:
#     - CVE-2019-13565
#     - CVE-2019-13057
#   2.4.46-r0:
#     - CVE-2017-14159
#     - CVE-2017-17740
#   2.4.44-r5:
#     - CVE-2017-9287
#
pkgname=openldap
pkgver=2.4.50
pkgrel=2
pkgdesc="LDAP Server"
url="https://www.openldap.org"
arch="all"
license="custom"
pkgusers="ldap"
pkggroups="ldap"
depends_dev="cyrus-sasl-dev openssl-dev util-linux-dev"
makedepends="
	$depends_dev
	autoconf
	automake
	db-dev
	groff
	libtool
	mosquitto-dev
	unixodbc-dev
	"
subpackages="
	$pkgname-dev
	$pkgname-doc
	libldapcpp
	libldap
	$pkgname-clients
	$pkgname-mqtt
	$pkgname-passwd-pbkdf2:passwd_pbkdf2
	$pkgname-passwd-sha2:passwd_sha2
	$pkgname-backend-all:_backend_all:noarch
	$pkgname-overlay-all:_overlay_all:noarch
	$pkgname-openrc
	"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$pkgver.tgz
	openldap-2.4-ppolicy.patch
	openldap-2.4.11-libldap_r.patch
	openldap-mqtt-overlay.patch
	fix-manpages.patch
	configs.patch
	cacheflush.patch

	slapd.initd
	slapd.confd
	"

# SLAPD backends
_backends=""
for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \
	relay shell sql sock
do
	subpackages="$subpackages $pkgname-back-$_name:_backend"
	_backends="$_backends $pkgname-back-$_name"
done

# SLAPD overlays
_overlays=""
for _name in accesslog auditlog collect constraint dds deref dyngroup \
	dynlist lastbind memberof ppolicy proxycache refint retcode rwm seqmod \
	sssvlv syncprov translucent unique valsort
do
	subpackages="$subpackages $pkgname-overlay-$_name:_overlay"
	_overlays="$_overlays $pkgname-overlay-$_name"
done

prepare() {
	default_prepare

	sed -i '/^STRIP/s,-s,,g' build/top.mk
	libtoolize --force && aclocal && autoconf
}

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--libexecdir=/usr/lib \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var/lib/openldap \
		--enable-slapd \
		--enable-crypt \
		--enable-spasswd \
		--enable-modules \
		--enable-dynamic \
		--enable-bdb=mod \
		--enable-dnssrv=mod \
		--enable-hdb=mod \
		--enable-ldap=mod \
		--enable-mdb=mod \
		--enable-meta=mod \
		--enable-monitor=mod \
		--enable-null=mod \
		--enable-passwd=mod \
		--enable-relay=mod \
		--enable-shell=mod \
		--enable-sock=mod \
		--enable-sql=mod \
		--enable-overlays=mod \
		--with-tls=openssl \
		--with-cyrus-sasl
	make

	# Build MQTT overlay.
	make prefix=/usr libexec=/usr/lib \
		-C contrib/slapd-modules/mqtt

	# Build passwd pbkdf2.
	make prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/passwd/pbkdf2

	# Build passwd sha2.
	make prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/passwd/sha2

	# Build lastbind overlay.
	make prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/lastbind

	# Build C++ library.
	cd contrib/ldapc++
	autoreconf -fi
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--with-libldap="$builddir/libraries/libldap/.libs -L$builddir/libraries/liblber/.libs" \
		--with-ldap-includes="$builddir/include"
	make
}

package() {
	make DESTDIR="$pkgdir" install

	# Install MQTT overlay.
	make DESTDIR="$pkgdir" prefix=/usr libexec=/usr/lib \
		-C contrib/slapd-modules/mqtt install

	# Install passwd pbkdf2.
	make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/passwd/pbkdf2 install

	# Install passwd sha2.
	make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/passwd/sha2 install

	# Install lastbind overlay.
	make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \
		-C contrib/slapd-modules/lastbind install

	make DESTDIR="$pkgdir" \
		-C contrib/ldapc++ install

	cd "$pkgdir"

	rmdir var/lib/openldap/run

	# Fix tools symlinks to slapd.
	local path; for path in $(find usr/sbin/ -type l); do
		ln -sf slapd $path
	done

	# Move executable from lib to sbin.
	mv usr/lib/slapd usr/sbin/

	# Move *.default configs to docs.
	mkdir -p usr/share/doc/$pkgname
	mv etc/openldap/*.default usr/share/doc/$pkgname/

	chgrp ldap etc/openldap/slapd.*
	chmod g+r etc/openldap/slapd.*

	install -d -m 700 -o ldap -g ldap \
		var/lib/openldap \
		var/lib/openldap/openldap-data

	install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd
	install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd
}

libldapcpp() {
	pkgdesc="LDAPv3 C++ Class Library"
	depends=""
	install=""

	_submv "usr/lib/libldapcpp.so*"
}

libldap() {
	pkgdesc="OpenLDAP libraries"
	depends=""
	install=""

	_submv "usr/lib/*.so*" etc/openldap/ldap.conf
}

clients() {
	pkgdesc="LDAP client utilities"

	_submv usr/bin
}

mqtt() {
	pkgdesc="OpenLDAP MQTT overlay"
	depends="$pkgname"

	_submv "usr/lib/openldap/mqtt.*"
}

passwd_pbkdf2() {
	pkgdesc="PBKDF2 OpenLDAP support"
	depends="$pkgname"

	_submv "usr/lib/openldap/pw-pbkdf2.*"
}

passwd_sha2() {
	pkgdesc="SHA2 OpenLDAP support"
	depends="$pkgname"

	_submv "usr/lib/openldap/pw-sha2.*"
}

_backend_all() {
	pkgdesc="Virtual package that installs all OpenLDAP backends"
	depends="$_backends"

	mkdir -p "$subpkgdir"
}

_overlay_all() {
	pkgdesc="Virtual package that installs all OpenLDAP overlays"
	depends="$_overlays"

	mkdir -p "$subpkgdir"
}

_backend() {
	backend_name="${subpkgname#openldap-back-}"
	pkgdesc="OpenLDAP $backend_name backend"

	_submv "usr/lib/openldap/back_$backend_name*"
}

_overlay() {
	overlay_name="${subpkgname#openldap-overlay-}"
	pkgdesc="OpenLDAP $overlay_name overlay"

	case "$overlay_name" in
		proxycache) overlay_name=pcache;;
	esac
	_submv "usr/lib/openldap/$overlay_name*"
}

_submv() {
	local path; for path in "$@"; do
		mkdir -p "$subpkgdir"/${path%/*}
		mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/
	done
}

sha512sums="f528043ff9de36f7b65d8816c9a9c24f0ac400041b2969965178ee6eae62c92a11af33a0a883e4954e5fff98a0738a9f9aa2faf5b385d21974754e045aab31ae  openldap-2.4.50.tgz
5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38  openldap-2.4-ppolicy.patch
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357  openldap-2.4.11-libldap_r.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4  openldap-mqtt-overlay.patch
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177  fix-manpages.patch
fd1c1ba368148d42c24071a8a8f668232347f4c48268cd189b6be4a48bb51fc11e8c29074e70db69e1a2c249210bc7d4b4d55a0712e5e97a9df04cc8f743fa70  configs.patch
60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff  cacheflush.patch
2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e  slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd"
